Add a bunch of X509_STORE getters and setters.
These were added in OpenSSL 1.1.0.
Change-Id: I261e0e0ccf82544883c4a2ef5c5dc4a651c0c756
Reviewed-on: https://boringssl-review.googlesource.com/28329
Reviewed-by: Adam Langley <agl@google.com>
diff --git a/crypto/x509/x509_lu.c b/crypto/x509/x509_lu.c
index ea01427..4046c3e 100644
--- a/crypto/x509/x509_lu.c
+++ b/crypto/x509/x509_lu.c
@@ -708,17 +708,124 @@
return ctx->param;
}
+void X509_STORE_set_verify(X509_STORE *ctx, X509_STORE_CTX_verify_fn verify)
+{
+ ctx->verify = verify;
+}
+
+X509_STORE_CTX_verify_fn X509_STORE_get_verify(X509_STORE *ctx)
+{
+ return ctx->verify;
+}
+
void X509_STORE_set_verify_cb(X509_STORE *ctx,
- int (*verify_cb) (int, X509_STORE_CTX *))
+ X509_STORE_CTX_verify_cb verify_cb)
{
ctx->verify_cb = verify_cb;
}
-void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx,
- STACK_OF (X509_CRL) *
- (*cb) (X509_STORE_CTX *ctx, X509_NAME *nm))
+X509_STORE_CTX_verify_cb X509_STORE_get_verify_cb(X509_STORE *ctx)
{
- ctx->lookup_crls = cb;
+ return ctx->verify_cb;
+}
+
+void X509_STORE_set_get_issuer(X509_STORE *ctx,
+ X509_STORE_CTX_get_issuer_fn get_issuer)
+{
+ ctx->get_issuer = get_issuer;
+}
+
+X509_STORE_CTX_get_issuer_fn X509_STORE_get_get_issuer(X509_STORE *ctx)
+{
+ return ctx->get_issuer;
+}
+
+void X509_STORE_set_check_issued(X509_STORE *ctx,
+ X509_STORE_CTX_check_issued_fn check_issued)
+{
+ ctx->check_issued = check_issued;
+}
+
+X509_STORE_CTX_check_issued_fn X509_STORE_get_check_issued(X509_STORE *ctx)
+{
+ return ctx->check_issued;
+}
+
+void X509_STORE_set_check_revocation(X509_STORE *ctx,
+ X509_STORE_CTX_check_revocation_fn check_revocation)
+{
+ ctx->check_revocation = check_revocation;
+}
+
+X509_STORE_CTX_check_revocation_fn X509_STORE_get_check_revocation(X509_STORE *ctx)
+{
+ return ctx->check_revocation;
+}
+
+void X509_STORE_set_get_crl(X509_STORE *ctx,
+ X509_STORE_CTX_get_crl_fn get_crl)
+{
+ ctx->get_crl = get_crl;
+}
+
+X509_STORE_CTX_get_crl_fn X509_STORE_get_get_crl(X509_STORE *ctx)
+{
+ return ctx->get_crl;
+}
+
+void X509_STORE_set_check_crl(X509_STORE *ctx,
+ X509_STORE_CTX_check_crl_fn check_crl)
+{
+ ctx->check_crl = check_crl;
+}
+
+X509_STORE_CTX_check_crl_fn X509_STORE_get_check_crl(X509_STORE *ctx)
+{
+ return ctx->check_crl;
+}
+
+void X509_STORE_set_cert_crl(X509_STORE *ctx,
+ X509_STORE_CTX_cert_crl_fn cert_crl)
+{
+ ctx->cert_crl = cert_crl;
+}
+
+X509_STORE_CTX_cert_crl_fn X509_STORE_get_cert_crl(X509_STORE *ctx)
+{
+ return ctx->cert_crl;
+}
+
+void X509_STORE_set_lookup_certs(X509_STORE *ctx,
+ X509_STORE_CTX_lookup_certs_fn lookup_certs)
+{
+ ctx->lookup_certs = lookup_certs;
+}
+
+X509_STORE_CTX_lookup_certs_fn X509_STORE_get_lookup_certs(X509_STORE *ctx)
+{
+ return ctx->lookup_certs;
+}
+
+void X509_STORE_set_lookup_crls(X509_STORE *ctx,
+ X509_STORE_CTX_lookup_crls_fn lookup_crls)
+{
+ ctx->lookup_crls = lookup_crls;
+}
+
+X509_STORE_CTX_lookup_crls_fn X509_STORE_get_lookup_crls(X509_STORE *ctx)
+{
+ return ctx->lookup_crls;
+}
+
+void X509_STORE_set_cleanup(X509_STORE *ctx,
+ X509_STORE_CTX_cleanup_fn ctx_cleanup)
+{
+ ctx->cleanup = ctx_cleanup;
+}
+
+X509_STORE_CTX_cleanup_fn X509_STORE_get_cleanup(X509_STORE *ctx)
+{
+ return ctx->cleanup;
}
X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx)
diff --git a/crypto/x509/x509_vfy.c b/crypto/x509/x509_vfy.c
index 2b754f0..8ccbfa5 100644
--- a/crypto/x509/x509_vfy.c
+++ b/crypto/x509/x509_vfy.c
@@ -2434,6 +2434,11 @@
X509_VERIFY_PARAM_set_time(ctx->param, t);
}
+X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx)
+{
+ return ctx->cert;
+}
+
void X509_STORE_CTX_set_verify_cb(X509_STORE_CTX *ctx,
int (*verify_cb) (int, X509_STORE_CTX *))
{
diff --git a/include/openssl/x509_vfy.h b/include/openssl/x509_vfy.h
index 208a380..97a07d5 100644
--- a/include/openssl/x509_vfy.h
+++ b/include/openssl/x509_vfy.h
@@ -158,6 +158,25 @@
DEFINE_STACK_OF(X509_VERIFY_PARAM)
+typedef int (*X509_STORE_CTX_verify_cb)(int, X509_STORE_CTX *);
+typedef int (*X509_STORE_CTX_verify_fn)(X509_STORE_CTX *);
+typedef int (*X509_STORE_CTX_get_issuer_fn)(X509 **issuer,
+ X509_STORE_CTX *ctx, X509 *x);
+typedef int (*X509_STORE_CTX_check_issued_fn)(X509_STORE_CTX *ctx,
+ X509 *x, X509 *issuer);
+typedef int (*X509_STORE_CTX_check_revocation_fn)(X509_STORE_CTX *ctx);
+typedef int (*X509_STORE_CTX_get_crl_fn)(X509_STORE_CTX *ctx,
+ X509_CRL **crl, X509 *x);
+typedef int (*X509_STORE_CTX_check_crl_fn)(X509_STORE_CTX *ctx, X509_CRL *crl);
+typedef int (*X509_STORE_CTX_cert_crl_fn)(X509_STORE_CTX *ctx,
+ X509_CRL *crl, X509 *x);
+typedef int (*X509_STORE_CTX_check_policy_fn)(X509_STORE_CTX *ctx);
+typedef STACK_OF(X509) *(*X509_STORE_CTX_lookup_certs_fn)(X509_STORE_CTX *ctx,
+ X509_NAME *nm);
+typedef STACK_OF(X509_CRL) *(*X509_STORE_CTX_lookup_crls_fn)(X509_STORE_CTX *ctx,
+ X509_NAME *nm);
+typedef int (*X509_STORE_CTX_cleanup_fn)(X509_STORE_CTX *ctx);
+
/* This is used to hold everything. It is used for all certificate
* validation. Once we have a certificate chain, the 'verify'
* function is then called to actually check the cert chain. */
@@ -175,26 +194,23 @@
X509_VERIFY_PARAM *param;
/* Callbacks for various operations */
- int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */
- int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */
- int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */
- int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */
- int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */
- int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */
- int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
- int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
- STACK_OF(X509) * (*lookup_certs)(X509_STORE_CTX *ctx, X509_NAME *nm);
- STACK_OF(X509_CRL) * (*lookup_crls)(X509_STORE_CTX *ctx, X509_NAME *nm);
- int (*cleanup)(X509_STORE_CTX *ctx);
+ X509_STORE_CTX_verify_fn verify; /* called to verify a certificate */
+ X509_STORE_CTX_verify_cb verify_cb; /* error callback */
+ X509_STORE_CTX_get_issuer_fn get_issuer; /* get issuers cert from ctx */
+ X509_STORE_CTX_check_issued_fn check_issued; /* check issued */
+ X509_STORE_CTX_check_revocation_fn check_revocation; /* Check revocation status of chain */
+ X509_STORE_CTX_get_crl_fn get_crl; /* retrieve CRL */
+ X509_STORE_CTX_check_crl_fn check_crl; /* Check CRL validity */
+ X509_STORE_CTX_cert_crl_fn cert_crl; /* Check certificate against CRL */
+ X509_STORE_CTX_lookup_certs_fn lookup_certs;
+ X509_STORE_CTX_lookup_crls_fn lookup_crls;
+ X509_STORE_CTX_cleanup_fn cleanup;
CRYPTO_refcount_t references;
} /* X509_STORE */;
OPENSSL_EXPORT int X509_STORE_set_depth(X509_STORE *store, int depth);
-#define X509_STORE_set_verify_cb_func(ctx,func) ((ctx)->verify_cb=(func))
-#define X509_STORE_set_verify_func(ctx,func) ((ctx)->verify=(func))
-
/* This is the functions plus an instance of the local variables. */
struct x509_lookup_st
{
@@ -222,18 +238,18 @@
void *other_ctx; /* Other info for use with get_issuer() */
/* Callbacks for various operations */
- int (*verify)(X509_STORE_CTX *ctx); /* called to verify a certificate */
- int (*verify_cb)(int ok,X509_STORE_CTX *ctx); /* error callback */
- int (*get_issuer)(X509 **issuer, X509_STORE_CTX *ctx, X509 *x); /* get issuers cert from ctx */
- int (*check_issued)(X509_STORE_CTX *ctx, X509 *x, X509 *issuer); /* check issued */
- int (*check_revocation)(X509_STORE_CTX *ctx); /* Check revocation status of chain */
- int (*get_crl)(X509_STORE_CTX *ctx, X509_CRL **crl, X509 *x); /* retrieve CRL */
- int (*check_crl)(X509_STORE_CTX *ctx, X509_CRL *crl); /* Check CRL validity */
- int (*cert_crl)(X509_STORE_CTX *ctx, X509_CRL *crl, X509 *x); /* Check certificate against CRL */
- int (*check_policy)(X509_STORE_CTX *ctx);
- STACK_OF(X509) * (*lookup_certs)(X509_STORE_CTX *ctx, X509_NAME *nm);
- STACK_OF(X509_CRL) * (*lookup_crls)(X509_STORE_CTX *ctx, X509_NAME *nm);
- int (*cleanup)(X509_STORE_CTX *ctx);
+ X509_STORE_CTX_verify_fn verify; /* called to verify a certificate */
+ X509_STORE_CTX_verify_cb verify_cb; /* error callback */
+ X509_STORE_CTX_get_issuer_fn get_issuer; /* get issuers cert from ctx */
+ X509_STORE_CTX_check_issued_fn check_issued; /* check issued */
+ X509_STORE_CTX_check_revocation_fn check_revocation; /* Check revocation status of chain */
+ X509_STORE_CTX_get_crl_fn get_crl; /* retrieve CRL */
+ X509_STORE_CTX_check_crl_fn check_crl; /* Check CRL validity */
+ X509_STORE_CTX_cert_crl_fn cert_crl; /* Check certificate against CRL */
+ X509_STORE_CTX_check_policy_fn check_policy;
+ X509_STORE_CTX_lookup_certs_fn lookup_certs;
+ X509_STORE_CTX_lookup_crls_fn lookup_crls;
+ X509_STORE_CTX_cleanup_fn cleanup;
/* The following is built up */
int valid; /* if 0, rebuild chain */
@@ -441,11 +457,58 @@
OPENSSL_EXPORT void X509_STORE_set0_additional_untrusted(
X509_STORE *ctx, STACK_OF(X509) *untrusted);
-OPENSSL_EXPORT void X509_STORE_set_verify_cb(X509_STORE *ctx,
- int (*verify_cb)(int, X509_STORE_CTX *));
+OPENSSL_EXPORT void X509_STORE_set_verify(X509_STORE *ctx,
+ X509_STORE_CTX_verify_fn verify);
+#define X509_STORE_set_verify_func(ctx, func) \
+ X509_STORE_set_verify((ctx), (func))
+OPENSSL_EXPORT void X509_STORE_CTX_set_verify(X509_STORE_CTX *ctx,
+ X509_STORE_CTX_verify_fn verify);
+OPENSSL_EXPORT X509_STORE_CTX_verify_fn X509_STORE_get_verify(X509_STORE *ctx);
+OPENSSL_EXPORT void X509_STORE_set_verify_cb(
+ X509_STORE *ctx, X509_STORE_CTX_verify_cb verify_cb);
+#define X509_STORE_set_verify_cb_func(ctx, func) \
+ X509_STORE_set_verify_cb((ctx), (func))
+OPENSSL_EXPORT X509_STORE_CTX_verify_cb
+X509_STORE_get_verify_cb(X509_STORE *ctx);
+OPENSSL_EXPORT void X509_STORE_set_get_issuer(
+ X509_STORE *ctx, X509_STORE_CTX_get_issuer_fn get_issuer);
+OPENSSL_EXPORT X509_STORE_CTX_get_issuer_fn
+X509_STORE_get_get_issuer(X509_STORE *ctx);
+OPENSSL_EXPORT void X509_STORE_set_check_issued(
+ X509_STORE *ctx, X509_STORE_CTX_check_issued_fn check_issued);
+OPENSSL_EXPORT X509_STORE_CTX_check_issued_fn
+X509_STORE_get_check_issued(X509_STORE *ctx);
+OPENSSL_EXPORT void X509_STORE_set_check_revocation(
+ X509_STORE *ctx, X509_STORE_CTX_check_revocation_fn check_revocation);
+OPENSSL_EXPORT X509_STORE_CTX_check_revocation_fn
+X509_STORE_get_check_revocation(X509_STORE *ctx);
+OPENSSL_EXPORT void X509_STORE_set_get_crl(X509_STORE *ctx,
+ X509_STORE_CTX_get_crl_fn get_crl);
+OPENSSL_EXPORT X509_STORE_CTX_get_crl_fn
+X509_STORE_get_get_crl(X509_STORE *ctx);
+OPENSSL_EXPORT void X509_STORE_set_check_crl(
+ X509_STORE *ctx, X509_STORE_CTX_check_crl_fn check_crl);
+OPENSSL_EXPORT X509_STORE_CTX_check_crl_fn
+X509_STORE_get_check_crl(X509_STORE *ctx);
+OPENSSL_EXPORT void X509_STORE_set_cert_crl(
+ X509_STORE *ctx, X509_STORE_CTX_cert_crl_fn cert_crl);
+OPENSSL_EXPORT X509_STORE_CTX_cert_crl_fn
+X509_STORE_get_cert_crl(X509_STORE *ctx);
+OPENSSL_EXPORT void X509_STORE_set_lookup_certs(
+ X509_STORE *ctx, X509_STORE_CTX_lookup_certs_fn lookup_certs);
+OPENSSL_EXPORT X509_STORE_CTX_lookup_certs_fn
+X509_STORE_get_lookup_certs(X509_STORE *ctx);
+OPENSSL_EXPORT void X509_STORE_set_lookup_crls(
+ X509_STORE *ctx, X509_STORE_CTX_lookup_crls_fn lookup_crls);
+#define X509_STORE_set_lookup_crls_cb(ctx, func) \
+ X509_STORE_set_lookup_crls((ctx), (func))
+OPENSSL_EXPORT X509_STORE_CTX_lookup_crls_fn
+X509_STORE_get_lookup_crls(X509_STORE *ctx);
+OPENSSL_EXPORT void X509_STORE_set_cleanup(X509_STORE *ctx,
+ X509_STORE_CTX_cleanup_fn cleanup);
+OPENSSL_EXPORT X509_STORE_CTX_cleanup_fn
+X509_STORE_get_cleanup(X509_STORE *ctx);
-OPENSSL_EXPORT void X509_STORE_set_lookup_crls_cb(X509_STORE *ctx,
- STACK_OF(X509_CRL)* (*cb)(X509_STORE_CTX *ctx, X509_NAME *nm));
OPENSSL_EXPORT X509_STORE_CTX *X509_STORE_CTX_new(void);
@@ -459,6 +522,7 @@
OPENSSL_EXPORT void X509_STORE_CTX_cleanup(X509_STORE_CTX *ctx);
OPENSSL_EXPORT X509_STORE *X509_STORE_CTX_get0_store(X509_STORE_CTX *ctx);
+OPENSSL_EXPORT X509 *X509_STORE_CTX_get0_cert(X509_STORE_CTX *ctx);
OPENSSL_EXPORT X509_LOOKUP *X509_STORE_add_lookup(X509_STORE *v, X509_LOOKUP_METHOD *m);
